A discussion on the "chmod +x"


#22

All that really needs to happen is someone writes a patch for nautilus (GNOME Files) to give a more helpful message when someone double-clicks on an AppImage (or on any ELF binary) that doesn’t have execute permission. The message could be something like:

Execute this file as a program?

For security reasons, this program currently does not have permission to run on your computer. If you know where it came from and trust the source, click here to grant permission.

A message like this should pop up even if the user is running appimaged, in my opinion. This is equivalent to the warning given on a Mac when the user tries to run an untrusted .app file.
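An added example, not part of the thread and not Nautilus code: a sketch of the check the proposed prompt depends on, which identifies an ELF binary or AppImage by its header bytes and prompts only when the execute bit is missing. The function names and action strings are hypothetical, the sample files are constructed, and the AppImage marker (`AI` plus a type byte at offset 8) is taken from the AppImage specification.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"
# The AppImage spec puts "AI" plus a type byte (1 or 2) at offset 8 of the ELF header.
APPIMAGE_MAGIC = (b"AI\x01", b"AI\x02")

def classify(path):
    """Return 'appimage', 'elf' or 'other' from the first bytes of the file."""
    with open(path, "rb") as f:
        header = f.read(11)
    if header[:4] != ELF_MAGIC:
        return "other"
    return "appimage" if header[8:11] in APPIMAGE_MAGIC else "elf"

def double_click_action(path):
    """Hypothetical decision: run, prompt for permission, or use the default handler."""
    kind = classify(path)
    if kind == "other":
        return "open-with-default-handler"
    # Simplification (assumption): only the owner execute bit is checked.
    if os.stat(path).st_mode & stat.S_IXUSR:
        return "run"
    return "prompt-to-grant-execute"

def grant_execute(path):
    """What accepting the prompt would do: the equivalent of chmod u+x."""
    os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR)

def demo():
    """Run the decision over constructed sample files and return the outcomes."""
    samples = {
        "app.AppImage": b"\x7fELF\x02\x01\x01\x00AI\x02" + b"\x00" * 5,  # constructed header
        "tool.bin": b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8,  # constructed plain ELF ident
        "notes.txt": b"just text\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, 0o644)  # as downloaded: no execute bit
            before = double_click_action(path)
            grant_execute(path)
            results[name] = (before, double_click_action(path))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```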


#23

Exactly.

Would you be able to write this? I wouldn’t even know where to start.


#24

I approached the Nautilus developers. They were friendly and welcoming, but they said that all platforms (Windows, Mac, Linux) are moving away from allowing untrusted executables to run outside of a sandboxed environment. It is highly likely that quite soon, Nautilus will no longer have the ability to launch programs by double-clicking on them, even if they DO have execute permission. This means the question of prompting for execute permission is moot, because the program won’t run anyway.

They suggested this course of action:

  1. Add the AppImage MIME-type to the open-with list for a sandbox program.
    • Double-clicking an AppImage runs it inside a sandbox.
  2. Add the AppImage MIME-type to the open-with list for GNOME Software.
    • Double-clicking an AppImage opens GNOME Software and asks if the user wants to install the AppImage.

It may also be possible to modify the spec slightly to make AppImages valid flatpak and/or snap packages, but fully self-contained so that they can still be run independently of those packaging tools.

The bottom line from the lead developer for Nautilus was:

csoriano: [with] respect to the file manager: sandbox with perms framework? ok to run, otherwise, no